Email encryption status - Security Information
In certain cases, the 'From address' which appears in the email, may be different from the actual email address using which the email was sent. There are two possible cases:
- Genuine Cases: In genuine cases, the owner or the admin of the domain/ email address may be using another service or application, to send emails on his/ her behalf. In this case, the application will be sending emails from a third-party domain, which differs from the actual sender. (Ex: Marketing emails/ Newsletters/ etc)
- Spoofing Cases: Most of the Spam or phishing emails, are sent on the pretext of your own domain, or a domain/ contact whom you trust. In this case, the sender would not have anything to do with the domain which actually sends these emails. While most of these emails, would be identified and marked as Spam by our Spam filters, it is possible that some of these emails make way to your Inbox.
To help you identify the emails, which have the 'From' email address to be different from the actual 'Sender' email address, Zoho Mail provides the 'Sent Via' information along with the actual sender information in the email preview pane. You can click the 'Via' link to view the original sender of the email.
Zoho Mail, being a secure email service, provides you this information, to protect you from misleading emails, sent using a different email address, under a disguise of some of your contacts.
Click the small triangle below to view the original sender details of the email.
In cases where you notice this difference in the actual email address and the From address in the email, you can be extra cautious and avoid disclosing any important information by replying to the email or following any instructions in the email.
Unauthenticated and suspicious emails are automatically identified by Zoho Mail. A warning message is displayed in the Preview of these unauthenticated emails with options to Report Spam or to Trust the sender. This warning label can appear in different scenarios:
- Unconfirmed Sender - When the actual sender is not the same as the person/ company who appears to send the email.
- Spam check fail - When the email fails DMARC/ SPF/ DKIM checks.
You can click on the Report Spam to mark the email as Spam or the Trust this Sender option in case the email is from a genuine sender.
Email contains Web pixel
In some cases, an email containing a web pixel can be used for tracking a recipient when they open the email. Such emails are detected by Zoho Mail and a warning message is displayed with an option to Block this sender to prevent it.
Report Spam option will not be available for Shared emails and emails in Shared folders or Spam folder.
In case a genuine email is in the spam folder you can undo it based on the reason it was marked as spam and prevent it from happening again by following the instructions in this help document.
Email encryption keeps your email safe, and secure and prevents unauthorized access to the data sent via email. This applies to all the emails sent/ received both within and outside your organization's domain.
Encryption of emails in transit helps keep your emails safe while it travels from the sender to the recipient. This protects your emails from being read by unauthorized parties, while in transit. The level of encryption of the emails you receive is displayed in the email preview pane.
The emails you receive could be encrypted using Transport Layer Security (TLS) or not encrypted at all depending on the sender's email service provider. TLS is a protocol that uses symmetric cryptography to encrypt emails in transit.
|No encryption||The email has not been encrypted.|
|Standard Encryption||The email has been encrypted using TLS (Transport Layer Security).|
|S/MIME||The email has been encrypted using S/MIME (Secure/ Multipurpose Internet Mail Extension)|
The emails sent and received using Zoho Mail are encrypted by TLS. However, in the case of sending an email to an external domain with a different email service provider, the encryption will be based on the support given by the provider. If you want to restrict the delivery of emails to users with plain security, you can opt to choose forced TLS for both incoming and outgoing emails from/ to external domains. To enable forced TLS for your organization, contact email@example.com.
You can view the level of encryption of the emails you send. Navigate to your Sent folder and click on the Delivery status icon of any delivered email. The level of encryption of the sent email is displayed in the delivery details pop-up that opens.